Governance, risk management and compliance (GRC)

“A system of people, processes and technology that enables an organization to understand and prioritize stakeholder expectations; set business objectives that are congruent with values and risks; achieve objectives while optimizing risk profile and protecting value; operate within legal, contractual, internal, social and ethical boundaries; provide relevant, reliable and timely information to appropriate stakeholders; and enable the measurement of the performance and effectiveness of the system.”
Norman Marks

Optimizing Internal Audit
• Update the Internal Audit Charter as needed
• Ensure that the Internal Audit function is independent of top management
• Conduct quality assurance assessment for the internal audit function
• Risk assessment should be qualitative, participative, real-time, and strategically focused

Considerations when outsourcing IA
• Improve the quality of the internal audit function
• Reduce the cost of the internal audit function

Three options should be evaluated:
• Is the in-house function fit for purpose?
• Is outsourcing a value-adding solution?
• Is cosourcing a better option, where skills can be improved or cost savings made?

Understanding the risks of outsourcing
• Does the provider have sufficient knowledge of the functions and departments of the organization?
• Will internal audit staff be embedded within the organization?
• Will the internal audit provider be able to sustain an effective internal audit over the lifetime of the contract?
• Is there a conflict of interest?